Bring SafeguardJava up to date with the modern Java ecosystem, improve testing, and add missing functionality found in SafeguardDotNet. #140
Open
petrsnd wants to merge 22 commits into OneIdentity:master from
Add .editorconfig enforcing UTF-8, LF line endings, 4-space indentation, trim trailing whitespace, and final newline. Add editorconfig-maven-plugin 0.2.0 to verify phase to enforce these rules during builds.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Add .gitattributes to enforce LF line endings in the repository. Normalize all existing files: CRLF to LF, trim trailing whitespace, ensure final newline. This is a formatting-only change with no functional modifications.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Implement OAuth2 PKCE (Proof Key for Code Exchange) authentication flow to achieve feature parity with SafeguardDotNet. This enables authentication against Safeguard appliances where the resource owner password grant type has been disabled.

SDK changes:
- Add PkceAuthenticator implementing the 6-step rSTS LoginController flow (init, primary auth, secondary auth/MFA, generate claims, extract code, exchange token)
- Add AgentBasedLoginUtils with PKCE helpers (code verifier, code challenge, CSRF token generation, authorization code exchange, login response)
- Add Safeguard.connectPkce() factory methods (3 overloads supporting ignoreSsl, HostnameVerifier callback, and optional MFA password)

Test tool changes:
- Add --pkce flag for PKCE authentication in the CLI test tool
- Add -R/--resource-owner flag to enable/disable the `Allowed OAuth2 Grant Types` setting via PKCE, matching SafeguardDotNet's pattern
- Fix test tool dependency version (7.5.0 -> 8.2.0)

Test framework changes:
- Add preflight check that detects whether resource owner password grant is enabled, enables it via PKCE if needed, and restores the original setting after all tests complete
- Add Suite-PkceAuth with 5 tests exercising PKCE authentication in isolation (Me endpoint, token lifetime, token retrieval, token reuse, Settings read)
- Add optional -Pkce switch to Invoke-SgJSafeguardApi and Invoke-SgJTokenCommand for explicit PKCE usage in individual tests

All 19 tests pass (5 suites) against a Safeguard appliance with resource owner password grant disabled by default.

Migrate 16 files from JUL to SLF4J. Level mapping: FINEST->trace, FINE->debug, INFO->info, WARNING->warn, SEVERE->error. Fix incorrect class references in several logger calls. Consumers can now choose their preferred logging backend via standard SLF4J bindings.
These changes include a fix for #139
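
The PKCE values named in the commit message above (code verifier, code challenge, CSRF token), as an added example that is not code from this pull request or from SafeguardJava. It follows RFC 7636 with the S256 method; the class name `PkceExample`, its method names, and the use of a plain random string as the CSRF token are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical class for illustration; not SafeguardJava's AgentBasedLoginUtils.
public class PkceExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Unpadded base64url encoding of n bytes from a CSPRNG.
    static String randomToken(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return B64URL.encodeToString(b);
    }

    // RFC 7636 section 4.1: 32 random octets give a 43-character verifier.
    static String codeVerifier() {
        return randomToken(32);
    }

    // RFC 7636 section 4.2, S256: BASE64URL(SHA-256(ASCII(verifier))), no padding.
    static String codeChallenge(String verifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // What the authorization server does at token exchange: recompute the
    // challenge from the presented verifier and compare in constant time.
    static boolean verify(String verifier, String storedChallenge) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                codeChallenge(verifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check using the test vector from RFC 7636 Appendix B.
        String v = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String c = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM";
        if (!codeChallenge(v).equals(c)) throw new AssertionError("S256 mismatch");

        String verifier = codeVerifier();            // kept by the client, sent only at token exchange
        String challenge = codeChallenge(verifier);  // sent with the initial authorization request
        String csrf = randomToken(32);               // assumption: CSRF token is an independent random value
        System.out.println("challenge=" + challenge + " csrf=" + csrf);
        System.out.println("matching verifier accepted: " + verify(verifier, challenge));
        System.out.println("other verifier accepted:    " + verify(codeVerifier(), challenge));
    }
}
```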